Renouveau & Démocratie (R&D)
Protection of your personal data
This privacy statement provides information about the processing and the protection of your personal data in relationship with the newsletter sent by the functional mailbox of the trade union.
Table of Contents
- Introduction
- On what legal ground(s) do we process your personal data
- What, why and how do we process your personal data?
- How do we protect and safeguard your personal data and for how long?
- Who has access to your personal data and to whom is it disclosed?
- What are your rights and how can you exercise them?
- Recourse
************************************************************************************************
1. Introduction
Renouveau & Démocratie, is an official trade union of the European Commission. It defends the individual and collective interests of staff employed in European Institutions and/or other European bodies, and of people who, although they work for European Institutions, have no statutory links with them. It defends equality of treatment and of working conditions.
Its aim is to achieve a more egalitarian and fairer society. In particular, R&D is committed to defending the aspirations of the most under-privileged. It is opposed to all forms of exclusion, and of discrimination based on gender, religion or membership of political (so long as it is democratic) and/or philosophical movements.
R&D is keen to emphasise and maintain its pluralist character. Its priorities include the achievement of trade union unity within European Institutions (read our Statute)
Renouveau & Démocratie is committed to protect your personal data and to respect your privacy. This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.
2. On what legal ground(s) do we process your personal data?
Il s’agit ici de se conformer au règlement UE 2016/679 du Parlement européen et du Conseil du 27 avril 2016 relatif à la protection des personnes physiques à l’égard du traitement des données à caractère personnel (RGPD) ainsi qu’au règlement UE 2018/1725 du Parlement européen et du Conseil du 23 octobre 2018 relatif à la protection des personnes physiques à l’égard du traitement des données à caractère personnel par les institutions, organes et organismes de l’Union et à la libre circulation de ces données (« EUDPR »).
Pour autant, il ne saurait être question de déroger aux principes de la Charte des droits fondamentaux qui établit entre autres, les droits à la liberté d’expression et d’information incluant la liberté de recevoir ou de communiquer des informations ou des idées sans qu’il puisse y avoir ingérence d’autorités publiques (article 11) et le droit à l’information et à la consultation des travailleurs au sein de l’entreprise (article 27).
En effet, un équilibre est recherché afin que la mise ne pratique de ces réglementations n’entrave pas la liberté d’expression des organisations syndicales sachant que dans la hiérarchie de normes la Charte des droits fondamentaux doit prévaloir sur les recommandations des organismes internationaux. Article 27 of Charter of Fundamental Rights of the European Union (2000/C 364/01)
Les syndicats se sont vus imposer l’obligation d’avoir la personnalité juridique de droit belge, d’où la référence au RGPD et non au seul EUDPR. Précisément, le Règlement RGPD dans son considérant n°4 indique que le droit à la protection des données personnelles n’est pas un droit absolu et doit être considéré par rapport à sa fonction dans la société et être mis en balance avec d’autres droits fondamentaux, conformément au principe de proportionnalité. CCT nr 5 (Belgian “Convention Collective de Travail N°5)[1] qui règlemente également les communications au sein des entreprises ;
– Freedom of association – Compilation of decisions of the Committee on Freedom of Association , Sixth edition (2018), case 1583, ILO (Internal Labour Organization) (https://www.ilo.org/global/standards/subjects-covered-by-international-labourstandards/freedom-of-association/WCMS_632659/lang–en/index.htm ).
Le Comité de la Liberté Syndicale de l’OIT dans ses recommandations a insisté sur le fait que le plein exercice des droits syndicaux exige la libre circulation des informations. Sur l’utilisation des matériels de l’entreprise notamment la messagerie électronique, ce Comité de la Liberté Syndicale, a indiqué que les représentants des travailleurs devraient disposer des facilités nécessaires à l’exercice de leurs fonctions et que les principes de la liberté syndicale ne peuvent pas être restreints dans ce contexte. L’OIT dit, en résumé, que l’employeur n’a pas le droit d’intervenir dans la communication que les syndicats font vers les travailleurs.
De plus, la pratique dans d’autres Institutions européennes, montre que le travail syndical est considéré comme un travail effectué dans l’intérêt du service, de sorte que les courriels des OSPs doivent être assimilés à des courriels de travail au même titre que ceux provenant de l’Administration.
Thus, sending emails to staff is lawful for trade unions under different legal grounds: – Article 6 (e) and 6 (f), article 9.2.(b) and (d) of GDPR (Regulation (EU) 2016/679), as our trade union is a non-profit organisation under Belgian law.
While the lists made and processed with data of colleagues wishing to be removed from emails distribution sent by an internal Functional Mailbox to email addresses contained in the address book of Outlook owned and managed by DIGIT C.6 fall under Regulation (EU) 2018/1725[2] , namely Article 5.1 (a) and 5.1 (d) “the data subject has given consent to the processing of his or her personal data for one or more specific purposes;” of this Regulation.[3] 1 convention collective de travail n 5 du 24 mai 1971 concernant le statut des délégations syndicales du personnel des entreprises, modifiée et complétée par les conventions collectives de travail n° 5 bis du 30 juin 1971, n 5 ter du 21 décembre 1978 et n° 5 quater du 5 octobre 2011 http://www.cntnar.be/CCT-COORD/cct-005.pdf 2 For what refers to the use of Outlook, the internal tool used by the Commission (European Institution), and according Art 14.1 (a) and (b), see record DPR-EC_03610 ( https://ec.europa.eu/dporegister/detail/DPR-EC-03610) 3 The processing operations of the European Commission Email system is necessary for the performance and the support of the numerous tasks carried out by the institution as mandated by the Treaties, and more specifically article 156 of the Treaty of the Functioning of the 4
In addition, the legal basis in Union law for processing may also be find in:
- · Article 10b of the Staff Regulations,
- · Framework Agreement between the Commission and trade unions
- · Code of Good Conduct to be concluded between DG HR and Trade Unions.
3. What, why and how do we process your personal data?
In accordance with article.10 of the staff regulations, Renouveau & Démocratie, in its trade union position, informs staff of its actions via an official functional mailbox (FMB) granted by Directorate General for Human Resources of the European Commission (DG HR) and by using the formal directory available to all staff.
The personal data includes the full name and the email address of the user, as well as the administrative location, the DG of employment and the login
The emails we are sending also provide links to allow removal or un-subscription. To perform that task, we build a list of all staff members who do not want to receive any more the emails sent by our trade union through the Functional Mailbox made available by DG HR and DIGIT using MS Outlook. This is the only list we store: that of persons willing to opt out from receiving further message from us.
Your personal data will not be used for an automated decision-making including profiling but is necessary for the management of Renouveau & Démocratie’s actions.
4. How do we protect and safeguard your personal data and for how long?
The collected personal data are stored on a server made available by DG HR (i.e. an institutional server), which guarantees data protection and confidentiality to the standards of Regulation (EC) 679/2016.
Although trade union have a clear fundamental right to inform the colleagues as set above in chapter 2, Renouveau & Démocratie decided to respect the choice of our colleagues, when unsubscribing, not sending them any more newsletter, whatever the importance of its content.
Disclaimer:
Despite the care we take to keep these lists up to date, it is possible that unsubscribed colleagues still receive one or the other newsletter. This may be the consequence of some IT problem for which we cannot be held responsible, but report the problem to us immediately so that we can resolve it.
5. Who has access to your personal data and to whom is it disclosed?
Data and information transmitted to Renouveau & Démocratie is dealt with in strict confidentiality and will only be accessed by persons dealing with the administrative functioning of the organisation and for the purposes of processing the tasks described in point 2 of this privacy statement.
6. What are your rights and how can you exercise them?
You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, rectify or erase your personal data and the right to restrict the processing of your personal data. Where applicable, you also have the right to object to the processing or the right to data portability. In case you wish to verify which personal data is stored on your behalf, have it modified, corrected or deleted, please contact OSP-RD@ec.europa.eu that will facilitate and coordinate the process at its level.
7. Recourse
The Data Controller If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller of Renouveau & Démocratie : OSP-RD-BXL@ec.europa.eu.
If this contact is unsuccessful, you may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725 or the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.
[1] convention collective de travail n 5 du 24 mai 1971 concernant le statut des délégations syndicales du personnel des entreprises, modifiée et complétée par les conventions collectives de travail n° 5 bis du 30 juin 1971, n 5 ter du 21 décembre 1978 et n° 5 quater du 5 octobre 2011 http://www.cnt-nar.be/CCT-COORD/cct-005.pdf
[2] For what refers to the use of Outlook, the internal tool used by the Commission (European Institution), and according Art 14.1 (a) and (b), see record DPR-EC_03610 ( https://ec.europa.eu/dpo-register/detail/DPR-EC-03610)
[3] The processing operations of the European Commission Email system is necessary for the performance and the support of the numerous tasks carried out by the institution as mandated by the Treaties, and more specifically article 156 of the Treaty of the Functioning of the European Union (TFEU) in regards to communication made by trade unions (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12012E/TXT&from=FR )